AWS Certified SysOps Administrator – Associate Set6 Welcome to AWS Certified SysOps Administrator - Associate Set6. 1. Your web application has a global user base and you would like to route incoming traffic to the website according to the location of the user in order to give your users a personalized experience depending on their location. Which approach do you recommend? Use Route53 with a Geolocation routing policy Use Route53 with a Latency Based routing policy Use Route53 with a Weighted Round Robin routing policy2. Which AWS service is used to establish a dedicated network connection between your own data center and AWS? Route53 Direct Connect Bastion host3. You need to ensure that data traveling between AWS infrastructure components is kept within the Amazon network when possible. You have been specifically asked to ensure that data flowing to DynamoDB, S3 and Kinesis Data Streams stays within the VPC. Choose an option below which meets this goal. Create a VPN to allow all data for DynamoDB, S3 and Kinesis Data Streams to pass across it Create a VPC Interface Endpoint for all Kinesis Data Streams and create VPC Gateway Endpoints for S3 and DynamoDB Add a static route within each routing table to ensure that data for DynamoDB, S3 and Kinesis Data Streams goes directly to a NAT Gateway4. You have configured an EC2 instance, attached an internet gateway, added a route to the internet and configured a new Security Group to allow internet traffic, however you are still unable to access the internet from your EC2 instance. What could be the problem? You haven't configured a Route53 DNS record You need to configure a NAT Gateway You haven't configured an Elastic IP address5. You have a number of EC2 instances in a private subnet, how can you securely allow these instances to access the internet? Create a NAT gateway and configure a route to the internet via the NAT gateway Configure a security group enabling egress traffic for HTTP on port 80 and 443 Configure a Bastion host and a route out to the internet via the Bastion6. Instance 'A' and instance 'B' are running in two different subnets 'A' and 'B' of a VPC. Instance 'A' is not able to ping instance 'B'. Which of the following is a possible reason for this failure? The policy linked to the IAM role on instance 'A' is not configured correctly; and the NACL on subnet 'B' does not allow outbound ICMP traffic. The security group attached to instance 'B' does not allow inbound ICMP traffic; the policy linked to the IAM role on instance 'A' is not configured correctly. The NACL on subnet B does not allow outbound ICMP traffic; and the security group attached to instance B does not allow inbound ICMP traffic.7. Which subnet mask will give you the smallest IP address range? /28 /24 /258. Which of the following native AWS services does not support a VPC Endpoint connection? Kinesis Data Streams DynamoDB Amazon MQ9. What type of Route53 record allows you to map a zone apex DNS name to another Route53 record? Alias MX Record CNAME10. You have a number of EC2 instances which need to make wget calls to the internet. Which of the following will need to be in place to enable internet access? (Choose 3) A Bastion host, with an associated route in your route table A security group allowing HTTP traffic A Public IP or Elastic IP address An Internet Gateway, with an associated route in your route table11. What networking components will allow IPv6 data to communicate between a VPC and the internet? (Choose 2) NAT Egress-Only Internet Gateway Direct Connect Internet Gateway12. Your company processes streaming data from IoT devices. You have a single AWS account containing a VPC, a branch office where many DevOps engineers are located and a presence in a Tier 3 Data centre which houses a Database cluster. Data is streamed into the VPC where it is processed and then sent on to the Database. The AWS Engineers regularly connect into the VPC to perform maintenance. From the options below, choose the most secure, reliable and cost effective solution to connect the VPC to the Data center and the branch office into the VPC. Create an EC2 instance in the VPC which is running SSL VPN software, generate certificates for each of the AWS Engineers so that they can connect into the VPC using this software and create an IPSec VPN connection between the VPC and the Data centre for the streamed data Create an IPSec VPN between the branch office and the VPC and purchase a Direct Connect connection to communicate between the VPC and the Data center Create two IPSec VPN connections, one from the branch office to the VPC and one from the VPC to the Data center13. How many IP addresses does AWS reserve in every subnet? 6 4 514. You are supporting a highly available web application distributed across multiple AWS Regions and Availability Zones. Your application has a global user base and you need to ensure that users experience the best possible performance. Which routing protocol do you recommend? Latency Based Routing Simple Routing Policy Weighted Round Robin15. Your website is evenly distributed across 10 EC2 instances in 5 AWS regions. How could you configure your site to maintain high-availability with minimum downtime if one of the 5 regions was to lose network connectivity for an extended period of time? Establish VPN Connections between the instances in each region. Rely on BGP to failover in the case of a region-wide connectivity outage. Create a Route 53 Latency-based Routing Record Set that resolves to Elastic Load Balancers in each region and has the Evaluate Target Health flag set to "True". Create an Elastic Load Balancer to place in front of each EC2 instance. Set an appropriate health check on each ELB.16. You are configuring a new subnet with a /24 subnet mask. How many useable IP addresses will be available for you to allocate? 256 224 25117. Which of the following DNS record types does Route 53 not support? SPF CNAME DNSKEY18. You have created an internet gateway and now need to configure a route to the internet. Which of the following is the correct approach? Create a route with a destination of 0.0.0.0/0 and the target of your Internet gateway ID (igw-xxxxxxxx) Create a route with a target of 169.254.169.254/0 and the destination of your Internet gateway ID (igw-xxxxxxxx) Create a route with a target of 0.0.0.0/0 and the destination of your Internet gateway ID (igw-xxxxxxxx)19. You have an Amazon VPC with one private subnet, one public subnet, and one network address translation (NAT) server. You are creating a group of EC2 instances that configure themselves to deploy an application via GIT. Which of the following setups provides the highest level of security? Amazon ec2 instances in public subnet; assign EIPs; route outgoing traffic via the NAT. Amazon EC2 instances in private subnet; no EIPs; route outgoing traffic via the NAT. Amazon EC2 instances in public subnet; no EIPs; route outgoing traffic via the internet gateway (IGW)20. You are having issues sending traffic from your VPC to your Direct Connect connection. You believe it's a routing issue, but you need to confirm this by looking at the relevant logs. Which options will give you the best chance of troubleshooting your problem? Check the CloudTrail logs for your account Enable and Configure Amazon Inspector Enable VPC Flow Logs for your account21. Which subnet mask will give you the largest IP address range? /28 /16 /2422. Which protocol does AWS Direct Connect use to share routing information? IPSec BGP SSH23 out of 3Please fill in the comment box below. Email
